Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5216

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code.

Published

2019-06-06T15:29:01.157

Last Modified

2024-11-21T04:44:31.960

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.0 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

4.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	honor_view_10_firmware	< berkeley-al20_9.0.0.156\(c00e156r2p14t8\)	Yes
Hardware	huawei	honor_view_10	-	No
Operating System	huawei	honor_10_firmware	< columbia-al10b_9.0.0.156\(c00e156r1p20t8\)	Yes
Hardware	huawei	honor_10	-	No
Operating System	huawei	honor_play_firmware	< cornell-al00a_9.0.0.156\(c00e156r1p13t8\)	Yes
Hardware	huawei	honor_play	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)